<HTML>
 <TITLE>BBC NEWS | Technology | Boom times for hi-tech criminals</TITLE>
 <META name="keywords" content="BBC, News, BBC News, news online, world, uk, international, foreign, british, online, service">
 <META name="OriginalPublicationDate" content="2008/01/02 09:32:37">
 <META name="UKFS_URL" content="/1/hi/technology/7154187.stm">
 <META name="IFS_URL" content="/2/hi/technology/7154187.stm">
 <META name="ROBOTS" content="NOARCHIVE">
 <META content="text/html;charset=UTF-8">
<BODY>
 Boom times for hi-tech criminals
 <!--Smvb-->
 <!--Smvb-->
 By Mark Ward
 <BR>
 Technology Correspondent, BBC News website
 <!--Emvb-->
 <BR>
 <!--Emvb-->
 <P></P>
 <B>
 Starting a career as a cyber criminal got much easier in 2007.
 </B>
 <P></P>
So say security experts looking back on 12 months in which hi-tech gangs took control of the net&apos;s underground.
 <P></P>
The economy supporting these groups has matured so much that now everything from virus-writing kits to spam-spewing zombies are available for rent or hire.
 <P></P>
This has helped to fuel, say security professionals, rapid growth in the methods criminals use to catch out PC users and steal saleable data.
 <P></P>
 <B>
 Money game
 </B>
 <P></P>
&quot;2007 was a fairly interesting year,&quot; said Joe Telafici, vice president of operations for McAfee&apos;s Avert Labs, &quot;cyber crime continued to fuel most of the security attacks we saw.&quot;
 <P></P>
It was a year, he said, which saw the effective extinction of young hackers who wrote viruses and other malicious programs for fun.
 <P></P>
Now, he said, Windows malware was all about money.
 <P></P>
Some attacks, such as phishing runs, were clearly about stealing cash from victims either from a credit card or bank account.
 <P></P>
But, he said, many others that looked more innocuous were done with money in mind. For instance, he said, trojans placed in banner ads that try to hijack a home PC were all about getting hold of resources that can be rented out for a fee to spammers or other net-based criminals.
 <P></P>
&quot;There&apos;s a real eco-system built around this,&quot; he said.
 <P></P>
Paul Henry, vice president of technology evangelism at Secure Computing said the tool of choice for many hi-tech criminals was the botnet - a collection of hijacked home PCs.
 <P></P>
&quot;Botnets are now a well-organised tool,&quot; he said. &quot;They are at a point now where they are creating smaller botnets from larger ones.&quot;
 <P></P>
This was being done, he said, because like all businessmen criminals were keen to make the most of their assets.
 <P></P>
2007 saw news break about one of the biggest botnets ever created. The network got its name from spam e-mails sent in January that capitalised on interest in a series of severe European storms to infect a large number of Windows PCs.
 <P></P>
Successive spam campaigns added to the numbers of machines in the Storm botnet and, though estimates vary, many believe it was made up of more than 1 million machines.
 <P></P>
A ready market for the buying and selling of time on a botnet and the tools needed to put it to good use had sprung up, said Mr Henry.
 <P></P>
&quot;Commercial exploitation has brought the real value of these tools to the vast majority,&quot; he said.
 <P></P>
One of the most widely known tools was the MPack kit which was created by a Russian hacker gang. Anyone buying it got included in the price a year of technical support that updated them with the latest vulnerabilities so it could be used time and again for attacks.
 <P></P>
But, said Mr Telafici, this had created problems for some makers of malicious software.
 <P></P>
&quot;One kit developer recently threw in the towel because they could no longer get the margins they used to,&quot; he said.
 <P></P>
&quot;Instead they opened up the source and gave it away. There were just too many players in that space, it&apos;s too crowded.&quot;
 <P></P>
 <B>
 Novel threats
 </B>
 <P></P>
This busy market was driving innovation, said Simon Heron, managing director of Network Box.
 <P></P>
&quot;We&apos;ve seen attacks move away from sending e-mail with poisoned attachments to groups doing drive-by downloads,&quot; he said.
 <P></P>
Some of those that used to send huge numbers of phishing e-mails were now indulging in &quot;spear phishing&quot; which brought together lots of bits of data to make the messages they send look much more convincing.
 <P></P>
Mr Heron said he had seen campaigns targeted at a few hundred people such as the senior managers in a large firm.
 <P></P>
&quot;It&apos;s just fascinating seeing that this is happening,&quot; he said.
 <P></P>
The move away from the old attack vector of e-mail meant troubled times for users, he said.
 <P></P>
&quot;The bad guys are becoming more sophisticated and that means its becoming more difficult to stay safe,&quot; he said.
 <P></P>
Summing up Paul Henry from Secure Computing said 2007 was the year that hi-tech crime became firmly established and entrenched.
 <P></P>
&quot;I see no end to this,&quot; he said, &quot;until we effectively reduce the value of personal information to the point where for the hackers it is useless.&quot;
 <P></P>
Story from BBC NEWS:<BR>
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/7154187.stm<BR>
<BR>
Published: 2008/01/02 09:32:37 GMT<BR>
<BR>
&copy; BBC MMVIII<BR>
</BODY></HTML>